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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4a) Of the above claim(s) is/are withdrawn from consideration. 
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8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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DETAILED ACTION 



1 . This office action is in response to Applicant's amendment filed on March 30, 
2007. Claims 1, 23 and 39 have been amended. Claims 16-17 have been canceled. 
Claims 1-15 and 18-39 are pending. 

Claim Rejections - 35 USC §112 

2. In view of the amendment filed March 30, 2007, the Examiner withdraws the 
rejection of claims 1-39 under 35 U.S.C. 112. 

Claim Rejections - 35 USC § 101 

3. In view of the amendment filed March 30, 2007, the Examiner withdraws the 
rejection of claims 1-39 under 35 U.S.C. 101. 

Response to Arguments 

4. Applicant's arguments filed March 30,2007 with respect to the Double Patent 
rejection have been considered but are moot in view of the new ground(s) of rejection. 
The rest of Applicant's arguments have been fully considered but they are not 
persuasive. 

The applicant argued that Honarvar does not disclose or suggest that "the user 
has previously answered with a third party customer verification server that is 
independent of said first server," as required by each independent claim. Honarvar 
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teaches a user-authentication engine to perform user authentication processes by 
accessing data from multiple internal sources and external third party data sources. 
Honarvar teaches a multifactor user authentication process that integrates and/or 
accommodates verifying a digital certificate previously issued to an individual against a 
certificate authority. The authentication engine generates user authentication 
examination by using user information from data sources to determine questions, to 
determine answers to be provided by the user, (page 2, paragraph 28; page 7, 
paragraph 112) 

Therefore, all the rejection is maintained as given below. 

Double Patenting 



The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel y 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 
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Claims 1, 24 and 39 provisionally rejected on the ground of nonstatutory 
obviousness-type double patenting as being unpatentable over claims 1, 22 and 32 of 
copending application number 10/626,483. 

Claims 1 , 24 and 39 are rejected on the ground of nonstatutory obviousness-type 
double patenting as being unpatentable over claims 1 , 22 and 32 of copending 
application number 10/626,483 in view of US Publication Number 2003/0154406. 
Although the conflicting claims are not identical, they are not patentably distinct from 
each other because the claims in the instant application and the claims in the copending 
application teach a method of authentication a user by obtaining asserted identity of a 
user, obtaining a random subset of questions that the user has previously answered 
and presenting one or more of said questions until a predefined security threshold is 
satisfied; and authenticating a user when said predefined security threshold is satisfied. 
The only difference is the claims in the instant application recite "obtaining a random 
subset of question that said user has previously answered with a third party..." 
Honarvar teaches a user-authentication engine to perform user authentication 
processes by accessing data from multiple internal sources and external third party data 
sources. The authentication engine generates user authentication examination by using 
user information from data sources to determine questions, to determine answers to be 
provided by the user, (page 2, paragraph 28; page 7, paragraph 112) Therefore, it 
would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to modify the method disclosed by the copending application (483) 
to include "obtaining a random subset of question that said user has previously 
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answered with a third party..." This modification would have been obvious because a 
person having ordinary skill in the art would have been motivated to do so in order to 
provide a multi-factor user authentication processes using any data sources providing 
information about and/or known to users to authenticate users. (Abstract; Honarvar) 
This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

1 . Claims 1-39 are rejected under 35 U.S.C. 102(e) as being anticipated by 

Honarvar et al. (hereinafter Honarvar) US Publication Number 2003/0154406. 

As per claims 1 and 39: 

Honarvar teaches a method for authenticating a user, comprising: 
obtaining an asserted identity of said user; (page 2, paragraph 28; page 6, 

paragraphs 100 and 105) 

obtaining a random subset of questions that said user has previously answered 

with a third party customer verification server that is independent of said first server; 
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(page 6, paragraphs 104-105; page 2, paragraph 28; page 7, paragraph 112; page 9, 
paragraphs 120 and 122; page 10, paragraphs 126-127) and 

presenting one or more questions to said user from said random subset of 
questions until a predefined security threshold is satisfied, wherein said user is 
authenticated when said predefined security threshold is satisfied, (page 22, paragraphs 
233-234, 236, 237) 
As per claims 2 and 25: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said user is directed to said customer verification 
server during an enrollment phase, (page 12, paragraph 143) 
As per claims 3 and 26: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said user verification server instructs said user to 
select and answer a number of questions that will be used for verification, (page 13, 
paragraph 145) 
As per claims 4 and 27: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses comprising the step of storing said selected questions at said 
user's location, (page 9, paragraph 120) 
As per claims 5-6 and 28: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses comprising the step of storing said selected questions at said 
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customer verification server, (page 22, paragraphs 233, 236, 237) 
As per claims 7, 9 and 29: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said obtaining step further comprises the step of 
obtaining answers from said user for said selected questions, (page 6, paragraph 105) 
As per claims 8 and 30: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said presenting step is performed by an 
authentication module, (page 7, paragraphs 112) 
As per claims 10 and 31: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said predefined security threshold is based on a 
sum of security weights of correctly answered questions, (page 22, paragraphs 234) 
As per claim 11: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein one or more of said questions are directed to an 
opinion of said user, (page 2, paragraph 27) 
As per claim 12: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein one or more of said questions are directed to a 
trivial fact, (page 2, paragraph 25) 
As per claim 13: 
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Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein one or more of said questions are directed to an 
indirect fact, (page 2, paragraph 24) 
As per claims 14-15: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses comprising the step of presenting said user with a larger pool 
of potential questions for selection of one or more questions to answer, (page 6, 
paragraphs 104-105; page 9, paragraphs 120 and 122; page 10, paragraphs 126-127) 
As per claim 32: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses comprising the step of ensuring that answers to user 
selected questions cannot be qualitatively correlated with said user, (page 2, paragraph 
20) 

As per claim 33: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses comprising the step of ensuring that answers to user 
selected questions cannot be quantitatively correlated with said user, (page 2, 
paragraph 20) 
As per claims 18 and 34: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said questions from said random subset of 
questions are presented to said user in a random order, (page 25, paragraph 266) 
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As per claims 19 and 35: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said questions are presented to said user in the 
form of an index identifying each question, (figure 35) 
As per claims 20 and 36: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said user responds to said questions by returning an 
index identifying each answer, (page 21, paragraph 228-page 22, paragraph 233) 
As per claims 21-22 and 37-38: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses wherein said index identifying each answer can be 
aggregated to form a password, (page 21, paragraph 228-page 22, paragraph 233) 
As per claim 23: 

Honarvar teaches all the subject matter as discussed above. In addition, 
Honarvar further discloses comprising the step of storing an indication of said subset of 
questions on a device or wallet card or piece of paper associated with said user, (page 
7, paragraphs 112) 
As per claim 24: 

Honarvar teaches an apparatus for authenticating a user, comprising: 
a memory; (page 7, paragraph 109) and 

at least one processor, coupled to the memory, (page 7, paragraph 109) 
operative to: 
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obtain an asserted identity of said user; (page 2, paragraph 28; page 6, 
paragraphs 100 and 105) 

obtain a random subset of questions that said user has previously answered with 
a third party customer verification server that is independent of an entity associated with 
said apparatus; (page 6, paragraphs 104-105; page 2, paragraph 28; page 7, paragraph 
112; page 9, paragraphs 120 and 122; page 10, paragraphs 126-127) and 

present one or more questions to said user from said random subset of questions 
until a predefined security threshold is satisfied, wherein said user is authenticated 
when said predefined security threshold is satisfied, (page 22, paragraphs 233-234, 
236, 237) 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Shewaye Gelagay 




EMIflANUELL MOISE 
SUPERVISORY PATENT EXAMINER 




